-----Original Message----- From: Juergen Schoenwaelder [mailto:[email protected]] Sent: 29 November 2016 16:19 To: Bogaert, Bart (Nokia - BE) <[email protected]> Cc: [email protected] Subject: Re: [netmod] How to prevent a client from modifying the type of an interface?
On Tue, Nov 29, 2016 at 02:58:10PM +0000, Bogaert, Bart (Nokia - BE) wrote: > Hi, > > We're trying to figure out how to prevent a NC client from changing > the type of an interface. Assume that we have an interface stack defined and the > lowest layer of the stack (the physical interface) is of type fastdsl. In > principle a NC client can send an edit-config to the server and change > the type of that interface to something else. It is still a valid > YANG model but it does not make any sense any more. Is there a way to > express in YANG that this type of change is not allowed rather than > having some SW application in the device interacting with the NC > server and responding with an error to avoid this change? The server > just can't ignore this change and leave the type as it was since then > the client and the server are no longer aligned. > The server has to reject edits that can't be applied to the hardware that is present. Changing fastdsl to ethernet likely would be such a change that can't be applied. Despite of this, you can of course configure access control such that attempts to modify the interface type will be reject. But access control is an added feature; a NC implementation still needs to be able to deal with config change requests that cannot be applied to the resources that are present. [Bart Bogaert] We're looking for a way to prevent this with YANG but to be honest I did not find a way on how to do that. > This message (including any attachments) contains confidential > information intended for a specific individual and purpose, and is > protected by law. If you are not the intended recipient, you should > delete this message. Any disclosure, copying, or distribution of this > message, or the taking of any action based on it, is strictly > prohibited without the prior consent of its author. I assume there is consent by the author that the IETF archives these messages since the author has read the Note Well... [Bart Bogaert] I will remove that message from the footer when sending tot the IETF mailing list... /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
